Management Console UI redress attack

Advisory Information

  • Advisory ID: TERA-SA-000058
  • CVE Numbers and Scores:
  • Published: 4 Aug. 2020
  • Last Updated: 4 Aug. 2020
  • Download PDF

Summary

A clickjacking vulnerability was discovered in the Teradici Management Console. An attacker may click a link and affect the integrity of the application by exploiting this vulnerability.


Affected Products

  • Management Console 20.04
  • Management Console 20.01.1

Solutions and Mitigations

Available Updates

Teradici released Management Console versions 20.01.2, 20.04.1, and 20.07 to address these vulnerabilities.

Workarounds and Mitigation

There are no workarounds that address this vulnerability. To mitigate the vulnerabilities, update to one of the versions of Management Console listed above, (or later).

Vulnerability Details

CVE-2020-13174

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

4 Aug. 2020: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.